RSA Blog - July 2017

7/28/2017 - Operational Rhythm at the Black Hat 2017 NOCBy Matt Tharp Operational rhythm is the term for the nebulous flow of information between parts of a team that makes it so effective. Who needs what, and when to be successful? In the Black Hat NOC, we have very little time to establish such a rhythm. However, a process for distributing critical information isn’t...

7/25/2017 - Black Hat NOC 2017: Can Your Siem Do This?Setup of the Black Hat NOC is an exciting time. The entire network infrastructure is dropped in place at Mandalay Bay. Multiple Black Hat NOC teams work long hours to get the network in place, configured and tested. The attention then turns to the NOC setup where the infrastructure is tied together. RSA, one of...

7/25/2017 - Don't Miss RSA at Black Hat USA 2017Wondering where you’ll find RSA at Black Hat? Where won’t you find RSA is more like it. In addition to hosting our Business Hall booth, where we’ll be showcasing the latest version of RSA NetWitness® Suite, you’ll find us in the Black Hat Network Operations Center (NOC), as well as in speaking sessions on some...

7/24/2017 - Swinging for the FencesDid you know only approximately one in 200, or about 0.5%, of high school senior boys playing interscholastic baseball will eventually be drafted by an MLB team? That includes all levels of professional baseball. Only a small percentage of players drafted actually make it to the Major Leagues. The competition to make it to the...

7/18/2017 - Demand More from Your SIEMBy Mike Adler, VP Product, NetWitness Suite If you’re like a lot of IT security professionals, you’ve always been able to rely on your SIEM to provide log data for threat detection. But that’s just not enough to keep up with all the new threats from new sources that are bombarding organizations today. Can your...

7/18/2017 - Threat Hunting and the Cloud - A Dynamic TensionIn the 1920s, fitness innovator Charles Atlas developed and introduced the Dynamic Tension exercise method. The essence of Dynamic Tension is that it pits muscle against muscle, with a workout intensifying proportionally for both muscles as force increases. As generations of comic book fans have learned since, nobody kicked sand in Charles Atlas’s face after...

7/17/2017 - Hypothesis in Threat HuntingToday’s threat landscape requires organizations to operate more proactively to keep up with advanced and persistent threats. There is no doubt that the practice of threat hunting has emerged as a key capability to detect stealthy threat actors trying to gain access to the organizational IT infrastructure by evading traditional security measures. Hunting aims to...

7/17/2017 - Nip Those Incidents in the Bud!I’m dating myself here, but I used to love to watch the Andy Griffith Show. I liked Andy’s calm demeanor as he tried to raise little Opie. Barney Fife was his neurotic sidekick. I enjoyed this exchange between the two of them as they discussed raising kids: Barney Fife: Well, today’s eight-year-olds are tomorrow’s teenagers....

7/14/2017 - 3 Ways to Make Multi-Factor Authentication Easier for EveryoneThe case for multi-factor authentication (MFA) is clear. The harder you make it for cyber attackers to get to your data, the lower your risk of a breach—and MFA definitely makes it harder, by requiring people who request access to authenticate their identity in more than one way. The downside is that if you don’t...

7/10/2017 - The Myth of the Easy Button Approach to Information SecurityBy: Wes Riley and Erik Heuser In twenty plus years navigating the complexities of the information security (InfoSec) industry a common theme emerges: the fascination with creating the digital panacea, or Easy Button. Marketing departments highlight their product in the best light possible and tell you it will solve all your InfoSec headaches. Years of...

7/5/2017 - Cat-Phishing Hackers for Fun and ProfitOn June 14th, 2017, a new variant of ZXShell appears to have been uploaded from the Marmara region of Turkey. The Trojan itself is well known and contained x32 and x64 rootkits. This blog describes the functionality of ZXShell, as well as the associate rootkits. The Trojan source code is available here. Metadata File Name:...

7/5/2017 - Applying Common Marketing Practices to Save Millions in FraudOver the past few years, I have spoken to countless executives about the challenges of managing fraud risk – from corporate banking to online gaming and digital marketplaces. Whether the goal is to protect billions of investment dollars or prevent bad guys from buying online gaming credits with a stolen credit card, the same sentiments always...